May 23, 2007 Archiving 2007 1 ACE: A Novel Software Platform to Ensure the Integrity of Digital Archives Sangchul Song and Joseph JaJa Institute for Advanced.

Slides:



Advertisements
Similar presentations
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Advertisements

Secure Data Storage in Cloud Computing Submitted by A.Senthil Kumar( ) C.Karthik( ) H.Sheik mohideen( ) S.Lakshmi rajan( )
Creating Proposal and Managing Grants Maria Whalen (508)
Audit Control Environment Mike Smorul UMIACS. Issues surrounding asserting integrity Threats to Integrity of Digital Archives –Hardware/media degradation.
The Zebra Striped Network File System Presentation by Joseph Thompson.
Lecture 23 Internet Authentication Applications
MD5 Summary and Computer Examination Process Introduction to Computer Forensics.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Chronopolis: Preserving Our Digital Heritage David Minor UC San Diego San Diego Supercomputer Center.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
ADAPT An Approach to Digital Archiving and Preservation Technology Principal Investigator: Joseph JaJa Lead Programmers: Mike Smorul and Mike McGann Graduate.
May Archiving PAWN: A Policy-Driven Software Environment for Implementing Producer- Archive Interactions in Support of Long Term Digital.
Tools and Services for the Long Term Preservation and Access of Digital Archives Joseph JaJa, Mike Smorul, and Sangchul Song Institute for Advanced Computer.
ACE: A Software Tool to Ensure the Integrity of Digital Archives Principal Investigator: Joseph JaJa Graduate Student: Sangchul Song Lead Programmer: Michael.
1 Using Scalable and Secure Web Technologies to Design Global Format Registry Muluwork Geremew, Sangchul Song and Joseph JaJa Institute for Advanced Computer.
July NAGARA 1 Producer-Archive Workflow Network Mike Smorul, Mike McGann, Joseph JaJa Institute for Advanced Computer Science Studies University.
Robust Tools for Archiving and Preserving Digital Data Joseph JaJa, Mike Smorul, and Mike McGann Institute for Advanced Computer Studies Department of.
PAWN: A Novel Ingestion Workflow Technology for Digital Preservation
Tools and Services for the Long Term Preservation and Access of Digital Archives Joseph JaJa, Mike Smorul, and Sangchul Song Institute for Advanced Computer.
ACE: A Software Tool to Ensure the Integrity of Digital Archives Principal Investigator: Joseph JaJa Graduate Student: Sangchul Song Lead Programmers:
FOCUS: FOrmat CUration Service Advisor: Dr. Joseph JaJa Students: Sang Chul Song Muluwork Geremew.
Robust Technologies for Automated Ingestion and Long-Term Preservation of Digital Information Principal Investigator: Joseph JaJa Lead Programmers: Mike.
PAWN: Producer-Archive Workflow Network University of Maryland Institute for Advanced Computer Studies Joseph JaJa, Mike Smorul, Mike McGann.
Mike Smorul Saurabh Channan Digital Preservation and Archiving at the Institute for Advanced Computer Studies University of Maryland, College Park.
Robust Technologies for Automated Ingestion and Long-Term Preservation of Digital Information PI: Joseph JaJa Co-PIs: Allison Druin and Doug Oard Major.
PAWN: A Novel Ingestion Workflow Technology for Digital Preservation Mike Smorul, Joseph JaJa, Yang Wang, and Fritz McCall.
Archival Prototypes and Lessons Learned Mike Smorul UMIACS.
FOCUS – A Scalable and Extensible Digital Format Registry Principal Investigator: Joseph JaJa Graduate Students: Sang Song and Muluwork Geremew Lead Programmers:
System Design/Implementation and Support for Build 2 PDS Management Council Face-to-Face Mountain View, CA Nov 30 - Dec 1, 2011 Sean Hardman.
Automated Tracking of Online Service Policies J. Trent Adams 1 Kevin Bauer 2 Asa Hardcastle 3 Dirk Grunwald 2 Douglas Sicker 2 1 The Internet Society 2.
Wolfgang Schneider NSI: A Client-Server-Model for PKI Services.
Cong Wang1, Qian Wang1, Kui Ren1 and Wenjing Lou2
Working Group: Practical Policy Rainer Stotzka, Reagan Moore.
Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.
Cloud Integrity Monitoring Mike Smorul ADAPT Group University of Maryland, College Par.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
1 Schema Registries Steven Hughes, Lou Reich, Dan Crichton NASA 21 October 2015.
Practical Byzantine Fault Tolerance
Rule-Based Preservation Systems Reagan W. Moore Wayne Schroeder Mike Wan Arcot Rajasekar Richard Marciano {moore, schroede, mwan, sekar,
MD5 Summary and Computer Examination Process Introduction to Computer Forensics.
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
OAIS Rathachai Chawuthai Information Management CSIM / AIT Issued document 1.0.
Millman—Nov 04—1 An Update on Digital Libraries David Millman Director of Research & Development Academic Information Systems Columbia University
Deck 10 Accounting Information Systems Romney and Steinbart Linda Batch March 2012.
Search and Access Technologies for Large Scale Web Archives Joseph JaJa, Sangchul Song, and Mike Smorul Institute for Advanced Computer Studies Department.
ICM – API Server & Forms Gary Ratcliffe.
System/SDWG Update Management Council Face-to-Face Flagstaff, AZ August 22-23, 2011 Sean Hardman.
Hall, Accounting Information Systems, 8e ©2013 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly.
Rights Management for Shared Collections Storage Resource Broker Reagan W. Moore
12/9-10/2009 TGDC Meeting The VVSG Version 1.1 Overview John P. Wack National Institute of Standards and Technology
Alex Chee Daniel LaBare Mike Oster John Spann Bryan Unbangluang Collaborative Document Sharing In Conjunction With.
By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.
Building Preservation Environments with Data Grid Technology Reagan W. Moore Presenter: Praveen Namburi.
CloudAV: N-Version Antivirus in the Network Cloud Jon Oberheide, Evan Cooke, Farnam Jahanian Electrical Engineering and Computer Science Department, University.
PAWN: Producer-Archive Workflow Network
Hardware-rooted Trust for Secure Key Management & Transient Trust
A Fault Tolerance Protocol for Uploads: Design and Evaluation
Chapter 11: Software Configuration Management
Policy-Based Data Management integrated Rule Oriented Data System
Joseph JaJa, Mike Smorul, and Sangchul Song
Future Data Architecture Cloud Hosting at USGS
Secure Electronic Transaction (SET) University of Windsor
Architecture Competency Group
Chapter 11: Software Configuration Management
ACE – Auditing Control Environment
Presentation transcript:

May 23, 2007 Archiving ACE: A Novel Software Platform to Ensure the Integrity of Digital Archives Sangchul Song and Joseph JaJa Institute for Advanced Computer Science Studies Department of Electrical and Computer Engineering University of Maryland, College Park Sponsored by Library of Congress and NSF

May 23, 2007 Archiving Main Threats to Integrity of Digital Archives Hardware/media degradation Hardware/software malfunction Operational errors Technology evolution Object transformation (format obsolescence) Infrequent access to most data Evolution of cryptographic schemes Security breaches, malicious alterations

May 23, 2007 Archiving Existing Methodologies Core Techniques –Replication: mirroring –Coding techniques: parity checking (RAID), erasure codes –Cryptographic one-way hashing: checksum Techniques for Digital Archives –Hashing only –Replication + voting scheme –Hashing + replication –Digital Signatures –Time Stamping (PKI vs. hash-linking)

May 23, 2007 Archiving ACE - Assumptions Basic Assumption on the archive –Each object has a persistent identifier –In the presence of multiple copies, one is designated as master. No other assumptions – architecture can be centralized, distributed, or peer-to-peer; policies can be centralized, distributed, or federated.

May 23, 2007 Archiving ACE – Base Methodology Three-tiered Cryptographic Information. Each tier is periodically audited separately according to policies set by managers. Integrity Token Witness Cryptographic Summary Information 1 IT/object ~1KB 1 CSI/time window Or 1 CSI / (n) objects ~100MB/year 1 Witness/week ~2-3KB/year k:1l:1

May 23, Three-Tiered Cryptographic Information

May 23, ACE – System Architecture

May 23, 2007 Archiving ACE – Overview Integrity Token Hash (obj) ACE-AM 3 rd Party Auditor Client ACE-IMS object

May 23, 2007 Archiving ACE – Registration 1. A request containing the hash of the object is made to ACE. 2. When the aggregation round closes, the Aggregator builds an authentication tree. 3. A receipt is returned. 4~5. A new cryptographic summary is computed and the integrity token for each request is constructed. 6~8. Each object retrieves its integrity token.

May 23, 2007 Archiving ACE Witness Publication Cryptographic Summary Information Witness … Once a week, a witness is computed from the cryptographic summaries generated during the week. The witness of the week is widely published on the Internet – currently, gets posted to the newsgroups at Google, Yahoo and MSN. The witness is also stored on a CD- ROM

May 23, 2007 Archiving ACE – Demo Modify

May 23, 2007 Archiving ACE Audit Integrity Token Witness Cryptographic Summary Information Object 1. Each digital object is audited locally using the integrity token, according to the policy set by the local manager. 2. The integrity management system periodically audits the integrity tokens according to its policies. 3. Cryptographic summaries are audited as necessary using the published witness values.

May 23, 2007 Archiving Auditing Cryptographic Summaries Witness … Cryptographic Summary Information The system collects all the summaries that share the same Time Frame ID, and builds a validation witness. The system retrieves the published witness of the Time Frame ID from the newsgroups. The published witness is then compared to the validation witness

May 23, 2007 Archiving ACE Update– Obsolete Hash Functions Objects are registered again with the information on the old integrity token (IT). The new IT token is constructed using this information. The object integrity from the previous registration to the new registration can still be verified with the old IT, whereas the new IT will be responsible from the new registration.

May 23, 2007 Archiving ACE Update – Object Transformation The new object is registered again. However, the registration request contains information on the old integrity token. The new integrity token is constructed using this information. With this information, a future audit can track current version back to the previous version.

May 23, 2007 Archiving ACE Performance Preliminary performance evaluation –Setup : Audits on the NARA EAP Image Collection consisting over 1.1TB of 126,548 files. –Results: All files were audited in about 15 hours. –Note 1: Most of the time was spent in moving the data between the separate machines. –Note 2: Registration on the same collection took almost the same time.

May 23, 2007 Archiving ACE Summary Third-party auditable Cryptographically rigorous yet cost-effective Update-aware Highly interoperable Scalable High Performance

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.